3.0.23: net ads join fails on RHEL3
This is odd. Running the current 3.0.23 release tree on RHEL3
against a Windows 2003 domain (with the DES keys hotfix) gives:
$ bin/net rpc join -U Administrator%bleaK.er -W CLR
Joined domain CLR.
$ bin/net ads join -U Administrator%bleaK.er -W CLR
Failed to set password for machine account (NT_STATUS_WRONG_PASSWORD)
Failed to join domain!
But both are using the same SetUserInfo(24) call. Both the 'rpc
join' and 'ads join' succeed on SuSE 10.0. I can see anything
that is different between the two.
Anyone got any ideas?
cheers, jerry
Samba http://www.samba.org
Centeris http://www.centeris.com
"What man is a man who does not make the world better?"
No. 1# | By Developer Tags User at [2008-5-5] | size: 1148 bytes
Gerald (Jerry) Carter wrote:
> This is odd. Running the current 3.0.23 release tree on RHEL3
> against a Windows 2003 domain (with the DES keys hotfix) gives:
> $ bin/net rpc join -U Administrator%bleaK.er -W CLR
> Joined domain CLR.
> $ bin/net ads join -U Administrator%bleaK.er -W CLR
> Failed to set password for machine account (NT_STATUS_WRONG_PASSWORD)
> Failed to join domain!
> But both are using the same SetUserInfo(24) call. Both the 'rpc
> join' and 'ads join' succeed on SuSE 10.0. I can see anything
> that is different between the two.
ok. Looks like 'rpc join' case has a 16 byte session key
while the 'ads join' has an 8 byte session key. Have
have goofed the DES session keys ?
cheers, jerry
Samba http://www.samba.org
Centeris http://www.centeris.com
"What man is a man who does not make the world better?"
No. 1# | By Developer Tags User at [2008-5-5] | size: 718 bytes
Gerald (Jerry) Carter wrote:
> ok. Looks like 'rpc join' case has a 16 byte session key
> while the 'ads join' has an 8 byte session key. Have
> have goofed the DES session keys ?
Hmmm... so the RC4-HMAC krb5 session setup gives us
a 16 byte session key. That would make sense why it works
on SuSE 10.0.
cheers, jerry
Samba http://www.samba.org
Centeris http://www.centeris.com
"What man is a man who does not make the world better?"
No. 1# | By Developer Tags User at [2008-5-5] | size: 660 bytes
On Thu, Jul 06, 2006 at 08:36:53PM -0500, Gerald (Jerry) Carter wrote:
> Gerald (Jerry) Carter wrote:
> > ok. Looks like 'rpc join' case has a 16 byte session key
> > while the 'ads join' has an 8 byte session key. Have
> > have goofed the DES session keys ?
> Hmmm... so the RC4-HMAC krb5 session setup gives us
> a 16 byte session key. That would make sense why it works
> on SuSE 10.0.
Wasn't there an old Red Hat patch that truncated
the session key to 8 bytes that we removed?
I do seem to remember this. Andrew Bartlett might
remember more.
Jeremy.
No. 1# | By Developer Tags User at [2008-5-5] | size: 1082 bytes
On Thu, 2006-07-06 at 18:50 -0700, Jeremy Allison wrote:
> On Thu, Jul 06, 2006 at 08:36:53PM -0500, Gerald (Jerry) Carter wrote:
> > Gerald (Jerry) Carter wrote:
> > > ok. Looks like 'rpc join' case has a 16 byte session key
> > > while the 'ads join' has an 8 byte session key. Have
> > > have goofed the DES session keys ?
> > Hmmm... so the RC4-HMAC krb5 session setup gives us
> > a 16 byte session key. That would make sense why it works
> > on SuSE 10.0.
> Wasn't there an old Red Hat patch that truncated
> the session key to 8 bytes that we removed?
> I do seem to remember this. Andrew Bartlett might
> remember more.
Yeah, there were various bits of mess around here. We put the patch in,
then thought it broke something else and removed it. I would not be
surprised if the answer lies in the middle somewhere. The purpose of
the Samba4 test_session_key.sh script is to catch *some* of these
issues, but I think there are some combinations we haven't explored.
Andrew Bartlett
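
Added example, not from the thread or from Samba's code: a sketch of why a session key length disagreement between client and server would surface as a wrong-password error on a SetUserInfo(24)-style buffer (516 bytes, RC4-encrypted with the session key). The password, the key values, the truncation to 8 bytes and the zero-extension on the other side are assumptions made for illustration.

```python
import os
import struct

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; the key schedule indexes the key modulo its length."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def encode_pw_buffer(password: str, session_key: bytes) -> bytes:
    """Client side: 512-byte field with the UTF-16LE password at its end,
    then a 4-byte little-endian length, RC4-encrypted as a whole."""
    pw = password.encode("utf-16-le")
    if len(pw) > 512:
        raise ValueError("password too long")
    clear = os.urandom(512 - len(pw)) + pw + struct.pack("<I", len(pw))
    return rc4(session_key, clear)

def decode_pw_buffer(blob: bytes, session_key: bytes):
    """Server side: returns the password, or None if the buffer is not sane."""
    clear = rc4(session_key, blob)
    (length,) = struct.unpack("<I", clear[512:516])
    if length > 512 or length % 2:
        return None
    try:
        return clear[512 - length:512].decode("utf-16-le")
    except UnicodeDecodeError:
        return None

# Constructed sample values, not taken from the thread.
PASSWORD = "Constructed-Machine-Pw1"
KEY16 = bytes(range(0x10, 0x20))  # 16-byte key, as in the 'rpc join' case
KEY8 = KEY16[:8]                  # assumption: client holds only 8 bytes

if __name__ == "__main__":
    blob = encode_pw_buffer(PASSWORD, KEY8)
    print("same key     :", decode_pw_buffer(encode_pw_buffer(PASSWORD, KEY16), KEY16))
    print("8 vs 16 bytes:", decode_pw_buffer(blob, KEY16))
    print("8 vs 8+zeros :", decode_pw_buffer(blob, KEY8 + bytes(8)))
```

Because the RC4 key schedule indexes the key modulo its length, both sides recover the password only when they feed in equivalent key material, so checking the session key length before encrypting makes this kind of mismatch visible on the client instead of as a server-side rejection.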